admin Bereich korrigiert
@@ -1,29 +1,59 @@
|
||||
import { json } from '@sveltejs/kit';
|
||||
// src/routes/api/admin/login/+server.ts
|
||||
import type { RequestHandler } from './$types';
|
||||
import { PrismaClient } from '@prisma/client';
|
||||
import bcrypt from 'bcryptjs';
|
||||
import { PrismaClient } from '@prisma/client';
|
||||
|
||||
const prisma = new PrismaClient();
|
||||
|
||||
//const ADMIN_PASSWORD_HASH = 'your-hashed-password-here'; // Ersetze mit deinem Hash
|
||||
|
||||
const adminRecord = await prisma.admin.findUnique({ where: { id: 1 } });
|
||||
if (!adminRecord || !adminRecord.password) {
|
||||
throw new Error('Admin password hash not found in database');
|
||||
} else {
|
||||
console.log('Admin password hash loaded successfully');
|
||||
}
|
||||
const ADMIN_PASSWORD_HASH = adminRecord.password;
|
||||
|
||||
export const POST: RequestHandler = async ({ request, cookies }) => {
|
||||
const { passwort } = await request.json();
|
||||
try {
|
||||
const { passwort } = await request.json();
|
||||
|
||||
const admin = await prisma.admin.findUnique({ where: { id: 1 } });
|
||||
if (!admin) {
|
||||
return json({ error: 'Kein Admin gefunden' }, { status: 500 });
|
||||
if (!passwort) {
|
||||
return new Response(
|
||||
JSON.stringify({ message: 'Passwort erforderlich' }),
|
||||
{ status: 400, headers: { 'Content-Type': 'application/json' } }
|
||||
);
|
||||
}
|
||||
|
||||
// Hier solltest du den Hash aus der Datenbank oder Umgebungsvariable laden
|
||||
const isValid = await bcrypt.compare(passwort, ADMIN_PASSWORD_HASH);
|
||||
|
||||
if (isValid) {
|
||||
// Setze konsistenten Cookie-Namen
|
||||
cookies.set('admin-auth', 'authenticated', {
|
||||
path: '/',
|
||||
httpOnly: true,
|
||||
secure: process.env.NODE_ENV === 'production',
|
||||
sameSite: 'strict',
|
||||
maxAge: 60 * 60 * 24 // 24 Stunden
|
||||
});
|
||||
|
||||
return new Response(
|
||||
JSON.stringify({ success: true }),
|
||||
{ status: 200, headers: { 'Content-Type': 'application/json' } }
|
||||
);
|
||||
} else {
|
||||
return new Response(
|
||||
JSON.stringify({ message: 'Falsches Passwort' }),
|
||||
{ status: 401, headers: { 'Content-Type': 'application/json' } }
|
||||
);
|
||||
}
|
||||
} catch (error) {
|
||||
console.error('Login error:', error);
|
||||
return new Response(
|
||||
JSON.stringify({ message: 'Serverfehler' }),
|
||||
{ status: 500, headers: { 'Content-Type': 'application/json' } }
|
||||
);
|
||||
}
|
||||
|
||||
const isValid = await bcrypt.compare(passwort, admin.password);
|
||||
if (!isValid) {
|
||||
return json({ error: 'Falsches Passwort' }, { status: 401 });
|
||||
}
|
||||
|
||||
cookies.set('admin_session', 'true', {
|
||||
path: '/',
|
||||
httpOnly: true,
|
||||
sameSite: 'strict',
|
||||
maxAge: 60 * 60 * 4 // 4 Stunden
|
||||
});
|
||||
|
||||
return json({ success: true });
|
||||
};
|
||||
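Review bot: The session cookie set on a successful login, `cookies.set('admin-auth', 'authenticated', {...})`, carries a fixed literal value, so the admin check elsewhere can only test for the presence of that string and any client that sets `admin-auth=authenticated` itself passes it; the cookie should hold a per-login random token (e.g. `randomUUID()` from `node:crypto`) that the server stores and compares on later requests, or a value it can verify by signature. The module-level load of the hash (`const adminRecord = await prisma.admin.findUnique(...)` through `const ADMIN_PASSWORD_HASH = adminRecord.password;`) runs once when the route module is first evaluated, so a password changed in the database is not honoured until the process restarts, and a missing row throws at import rather than returning a response; if the markers are read correctly this is the new side, and the lookup inside the handler that the old side had would avoid both. `passwort` comes straight from `request.json()` with only a falsy check, so a non-string body value reaches `bcrypt.compare` and surfaces as a 500 via the catch block; a `typeof passwort !== 'string'` guard next to `if (!passwort)` would return the intended 400 instead.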